hxxps://www[.]nezur[.]io

Analysis

max time kernel
537s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.nezur.io

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
41	raw.githubusercontent.com
42	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
4716	msedge.exe
4716	msedge.exe
4964	identity_helper.exe
4964	identity_helper.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 2108	4716	msedge.exe	34
PID 4716 wrote to memory of 2108	4716	msedge.exe	34
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2788	4716	msedge.exe	86
PID 4716 wrote to memory of 2580	4716	msedge.exe	85
PID 4716 wrote to memory of 2580	4716	msedge.exe	85
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87
PID 4716 wrote to memory of 4464	4716	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.nezur.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc843f46f8,0x7ffc843f4708,0x7ffc843f4718
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18174789054581397209,3275204842456326252,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x388
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
1024KB

MD5
ae78984688bad532c4b71ec4da822f3d

SHA1
64ee212978d5a0fd7578f380a50fb6f6ec0a0ca9

SHA256
17f2e5d353360de2bdb79616bd05d6cf9a96f09e949ec3c0de4abef71fbefc92

SHA512
6f1303cd2d05f551859cbd486c81377a47ca3d2da9ace7a85e76974599f8666507bee8a08764f493e416185d5e2c8477c0ec24969a4bb25146c7005422c35aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
1024KB

MD5
e3726be5903bdc3e755a9e49b13b4d75

SHA1
5bb50dda728ee519d473bc9691878ff2dd113082

SHA256
c710a0335a5fa28c7c208872aca114129517ff48ecaf6476e28ed4f52e3a32f2

SHA512
e51c2a02621075920a8a4b9584457d3f3ebacb70ed3709c105c53933781f2fc1fe682fa114b3b5a242cec1429655e392222b962f5923c58ee864089ec63234f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
1024KB

MD5
312d78d27a06cee1223563ba4b0887ca

SHA1
e9bc03c9b4c6648860a4b69ba982516375390be9

SHA256
e670013f79524f44843c77d418d7321a04c38367b7f6dd3b7aec7f2c2a7572af

SHA512
333ee385de4981614c3f75407fee69b7eb6bdd007731af99b43d0b948fbbc261f473066b1a91829bc499630bfc471d52cd0ee58e83aeff45f446fae5a5b9cf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
1024KB

MD5
36fc86497b5b47cc031ce21ac137d566

SHA1
77ba420b1cdf51ebcfed9dd031d1d0a9c9f116db

SHA256
62df18f671119333688a9fea0693b56773f0366009682c72d2393dc329b2802e

SHA512
968013bf0eb2e758095cafc6abc4e4f1f061c0fdead456bb1521777bc0c28bf1cd161b8786ae688d7bf8f302a70a36bbe43e2d15ddd07f1716f0cdd096c6aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1024KB

MD5
7ec01e09491fae7a17fa096bf431d04f

SHA1
084bf57c16848f1d8167b09fd3f4418b0de7cfa2

SHA256
07bb6768dc38191f0659f22478d80ed9d24d2a6b84a7f3e78e0d32bfec78c751

SHA512
72ba70222d848f7dc45d8fb0abc7780765ca31d77849658a2cfc78b188d4642922a5cb1c437c1d5984e013d70944bc9bbfee26e599212ef89b7e0ee6eaf2f1ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
1024KB

MD5
2991ed7d6e0f6cef781b41be1026153b

SHA1
35768823f8d42f8ac7421a2db8ab17c78fa6ed1d

SHA256
8890fe5a8f972c0b844db1a8837ae33cb8cfba13244b75566ecb90d54fb454fe

SHA512
18c7da9cf991178514812404d9b92c93a52c3390f24e4d7a5d4b2a9d68e81fbd2e98fb13b5abba0f063c410a7a961d454e5a8e1d389890cd14e03be06bff036f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
1024KB

MD5
4c186bdefadf200b9ac1bbb9856d8844

SHA1
3bd79494c4660cfd3b1ba5db7a77f2581e62e2d8

SHA256
324e1dad5e00ba645faacbe270d4a0c20b8e107f26b77db4b92025128e5faa4b

SHA512
0012aae12d5b6129d3db5f11ac6ab28c1349918f72cc26e1c2547e67fbccfd90101ba9c7fde6a7dc7b378cf9e25b1266a5658bc5baf77e09ebbc683bf5d7a1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
1024KB

MD5
4f4528c9c008b046a973d6e48c0c38b7

SHA1
91571bff69b1af1df2e93bfa7e60b0a08c1e9081

SHA256
3cc9d69593fcaf1a367e19718a736edbf2c4be0fd566f43b365430512e6c2581

SHA512
eeecedf96821cd6d50fbeee72ab4340339336c476c508d26e78744c44d8cb0a1736bb2181c9b0a75514caa67bceb51f22b0c012c2b3fc71ba41e8fb86b33e652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1024KB

MD5
25ba347cfe7d7a5183eddca5946e7b08

SHA1
ad298d87ce0311c14d69cc3bd7210c64d7026679

SHA256
9f32fcc7c39d123785ca1ecef16b8a166b202560cd5ceb8caf15b0b8857cbad4

SHA512
3c956860d8abbcb717ebf0f91815c95e599a0a86261f4847ea60e25a2fb52f92c2e2e234fb199a219bc9caacbbd745f9f82e6c0b56b3237757f18607d5bf05cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
1024KB

MD5
96307038302a630b3af229c387d19f2f

SHA1
809e0c51574d579c0885ad721864759799a5f6f0

SHA256
655d6807c60ea8cbb2424d67bcf2c5835f77d12a88350efd8da7611965980cc9

SHA512
66883242228172ecb0d5a801281e677bd4dbbf5589be4c8d44a5e586aae37ef8c016e7aaff8d20cc6209558376595345c411c50a6551a10fd64c7f18952ac7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
1024KB

MD5
2432fc7522b1c64221ba3c4ab653360e

SHA1
2ad9bc92ea6682a91d665200973dddae80e3b31e

SHA256
4a52e0ff68542803a503b8c8b1c4440fe477368289ff0a4617fae736cf1ff965

SHA512
0161452007579c3d62937f9f3cf07571bc3dc5f07872ef5d93abd386ba26d8ea0ca3eec229d39fcca51d85e907d834ae82b04b64fb32dbcb1cbab7d7f0c26d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
1024KB

MD5
8f318a9eaaba2f88abde1248e766ed17

SHA1
fd3aafe3f78622933b9b0fc15a18f9fd4767f397

SHA256
e451343271a602a527b8729668e5330f79ca25415ccc6ee467bf443e8e531c60

SHA512
f2ada4faa8dad49401099e1cdf792117736f6c00c39cf20798b87d73320db4106998194b7778272fda885ecb0778acc74be820e6fff88e4a4402e4f2b8fb85bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
1024KB

MD5
b1c3441c261982a5370697d959fe69df

SHA1
e4f6cd4e35d463ee55d2b4fe7fabc2bb405d1729

SHA256
f1bab0f80f62ca20f0c3f7a42a08ae9f6f0808fd20786b91df8a0db1506a9ed3

SHA512
2f4ff08bdcba035568710e37cdab83dae51e2fcf88bae415a2557acfa0a35be09460d213c3fdafb73a672250780856e18caa6315fc30c7f349118f086b76d03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
1024KB

MD5
e94b638f45d475e55744b34bbfce57b5

SHA1
72073aaca8f88789685a47b4691a84df55dd4f8e

SHA256
b724b93e7a2ddf5a0b24e374536413083d7e0fc100efce1baf0c8af85b75e557

SHA512
baa4d0942417fd40ef82c25691c00548e30ac4c966d7fea0b480c1c81efd1cd1be42a700d22b4a977b9da4df21f789476d89a04abbac9c68700c681aa804461b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1024KB

MD5
777b29a02233fd17c782a101bfd0121e

SHA1
bed668b34cd61f1fe9e63ff8b642d10db4101d02

SHA256
c07aba99e183fc715e337ae822b4d872605dcfe140f5a0d1a87a2210255b3adb

SHA512
d32313f73fcc8d1966cd12596558d4e4141e5bc1a933fccbe0e5f2b765f9ade6c2eba189f1de9ee62dbea7c9c84c56208380b1ebd7436a377d2c8255559a1cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
1024KB

MD5
f9bd24626a10028ff7e5aa7db7fb3895

SHA1
825abb4fc41bdfb537c890e993f6c2c624768edc

SHA256
125d5288abc16c308915557f2fc8acf142fbf302bcc2d39a47ea3fc489297402

SHA512
8ab0d2a7ad6b738ee982fad4e775331b4638b5b7c27b2a85deeffb3367bc4e84176f2e63e686cc2a67040056a5be55335dd6dc2fa0352950173581777c3c3785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1024KB

MD5
741dae12b77c954660ae7c51c534158e

SHA1
b95d51e429b2564a6e4b84f34d12177c43624c29

SHA256
e5d5f590db5678e8e3f35f443e51a98fc2831c9e9eb56fd237791089eb895585

SHA512
d665944b5bc1d4a04e045f6023413c21fda0d38d0a199d823c67f95aed74c1c25f7193aed81a5c8be55875f92f61f8fa7df43c481b37e2db03244ee350675466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
1024KB

MD5
017d80211ae16be2a0ded5e888e749cf

SHA1
26a598c1110bbc5aa3093d20e504146a9699f785

SHA256
61f0dded834c6d6e89c9b3fec2bd95fc8db373bf4b413a4a86eb117e54ca7843

SHA512
10357a0968b2ce3123060491ae0bbbb2d3c6f52d53ddfac727be1d35440e36c4b4360b4ff8cfb17be747beef2ce67eeb7277fd912bcf77e85cd3627471a87ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
1024KB

MD5
9983a526c57c02155911a228216c9a9a

SHA1
b6e2bc05de460200001ee03197be35e6485617e4

SHA256
6dbbaa2fca2a22bb91ca1648d0c6e2bb8d82f2040bdab1a2992c2e0317988137

SHA512
fcce535c166e0093d5f97bb68de2b59f751c30049a42035b826c9128769f57b584d40f55f35b30a83501d7e6b03f64703270de4540eac53115c67a4794d05851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
1024KB

MD5
a9cb8ce97a34e1b528c4fbfd811f9281

SHA1
f99260d56cf96ea81af87fee2874883f0748b406

SHA256
49dd7f4badeeff5167b87f774c94b45dfe1ef5ba6a6b721fc91e5738523a445a

SHA512
62e642c051dd2a067513caecf746136045ffe1d35fb0dec6275f141486555c1e4b68e76fcf661b7c711cf78c67823040e0b61db6f486e0ea7068fdb57a66ea31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
1024KB

MD5
d74ad9535efbba08cae7dc626363e1f0

SHA1
e888994805114fabfe9e9f69ba745e9c40d554c7

SHA256
3c7572cad9eb5c0d872d9b37e921c7eeedaf4db677a6f59f6663b8fd021c7faa

SHA512
8c336ae75868c1a653637c15179c301ad0bae701418fec97e788c2293f41932d98bd14375e83f8deb948ac082e29131743e16d212138450306a054680612802c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
1024KB

MD5
50f24e4016a8081acc2fa5acb95f3d7c

SHA1
5d0e1f5357d871f7b5e2690722887f7ccaae933d

SHA256
932e633a2e28119974798a31dc7fa8b14dfa749e0b09a46bdb7474a14d3ffdef

SHA512
1d954a6356340c4142df14e5bb9f6aa9d805615c15d9675c340a41178c0f99dc55251c2f59efcac36ed3bd60ca4281928c08e91dda0a04ea365f61ce0510f8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
1024KB

MD5
f0cf79ec23e11e61e14974848e23d376

SHA1
a54818a7d844f812a315c042064f23a41e8563b2

SHA256
d1ea8ee152ce39bfc71f31d08dc099cb3ac1fa5540e1e12fdcfab5dc9125a6d1

SHA512
99a8826fec9eb73696088ee37e91fd052a513cb53bf39383378f00c117899bf51704610d50cdd18a56a7c23a5d27c7d5fe32f39aa925b3cda2937a1bb7f88854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
1024KB

MD5
00ce82de93e98dd387d35daea5a7b021

SHA1
9d0fb5eca4a24995c5471a8638112ad0c21d9c0d

SHA256
3bec838ea8b295829802f115b745285a6f7a3d7aae9429a8771e1300e32c248c

SHA512
97191a327e80436ee7eac61ad93c3aa651f0948192a29173d023f8b6f8af94579db02ae2c88a976e48b2d1fce2d9bcde881fc9e8ba37cc7b34d4c78abfac39c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
1024KB

MD5
fe1c3289c6dca23a81f5cc5002193cd8

SHA1
fb4d3ce8bcbdd1467506a2c3d5bd70ca355b659d

SHA256
4cdf3762bc0215f78316b594683910460452d938d4ff5d87c1cd4eb7a9da5e16

SHA512
4d98ee637b9947091a04e04de47717c37027ecc7fde2d81eb2a8b37954ef819dc823107248dd5ef605891dbacf29b2d3d656633aabb21822d147f819823cbcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
218KB

MD5
39dc95f2e15d83292985c454feb1da9b

SHA1
23a42ac3a1bdde727eb46d05a4228a4eee4b0093

SHA256
f19e35ab2145fc4684087c5c16fc96fc6f758f5665af1f47405b60f6fd138590

SHA512
7937c4199a6d123ef24916b974b641f18b5d2d033cdb5af6a402f9add87c6108b40d1df8baa5f59ec3b346d2ad0b386adbed9642325efe6a41c3c46b66d1e827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
900d04e45fa39b0d22b35dbe1dc0ba1c

SHA1
8c53404e73ac80fd3a8914557be6c063d31b0982

SHA256
8d4dda690f0f9ec02198c2ebf1dfc7383307cc973dd65cd8cb75a20e83af6d23

SHA512
ca0e0e8926b7da1118be67b425b187259b96b751a21aabfd0b822e45486d4e7f87040f5034e607613a7f767bb69aceec6842c459fec308fbcecd305b4f45fa52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17972249901b4a76d1b231d5dd2a7841

SHA1
1b6deb7e32c473e023809f8d63e9e692d7406e7d

SHA256
4a4a4d33dcb38ca918c124b9f3b35a8be6b22c1770f901afb6a7dd8797d81dda

SHA512
d89e94a651ba97e18a878c61b0ad1500e40b936d26df90a40a0e3cc7e0902a5e9a6f877b0a999207c9f650efc6421e55cc261bbbbb4726984821a996bd6ef68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51ad07a9809613b1fa21466dea4c1468

SHA1
01cd6a1dfb372f0ad7de46d2b9c8689355a961df

SHA256
a460daa766877abb2eec695fd5d5a76db95b54b323073f5b2733fba6d0a4e42f

SHA512
dd74d0a417ca6d0057fc8dbbc0eb10b947d17a0d9532b375275cc993114855cfaa82d742d2578bae06c04ab8077a8b1af7782a9c9827cfb57b73e7c9b4794853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72686a361a8b9068717a03c36f56106f

SHA1
075bb10560b27b8760979b209f3e256a13632118

SHA256
a1ef92bd8f4754f81285cf333cddddf3101664d5b53e5edfa1245ee2151a7fff

SHA512
76cbef58094e88a637c326c517212608d72fabf7163a4e0e6a13fffc77aec03377b9d9209d0fd86e7176cee021d1ee852cdf028d889f8fbf56ea6bb1b8ffc823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a2df4db9767c362bcc3fe7d3f4d3232d

SHA1
679bf78f56c5fe394565214914582f3d28057c24

SHA256
f22ef4a44025150344bb7fc73c5d960ae3340d044c826fe5474789fa6260ce16

SHA512
9c085ad7d3fa939fffe1dbe34407e5403bc4edc5415ff76ac26e6426e425c41f56107c0442dcb21e5c0f01d0dedf2a1131b20fa2f02e531cf245b053f075fe9e

Download Submit